Archive for the ‘Healthcare’ category

The digital world is already here and what seemed science fiction few years back we now accept as everyday. Voice activated commands on our smear phone now also query our databases and update our dashboards, remote medical checks are done at an atm, artificial intelligence and big data influence our live every time we log onto google, amazon, facebook or ring a callcentre.

We have been investigating IoT for over a year, particularly with regard to condition monitoring for asset management and several of our team were involved in recent training that included a hands on session for Microsoft Field Services. This is built on the Dynamics 365 platform as an extension of CRM and offer comprehensive features for field service: help desk, engineer scheduling and mobile operations. Field service is aimed at service companies with a large field force of service engineers and is typically integrated with erp systems and thus the overall project can be quite complex. To reduce the risk and implementation time we offer a proven accelerator.

We also offer a Enterprise Asset Management suite which is successfully deployed in several leading UAE companies for a number of years particularly for asset tracking.

In Dynamics 365/2012 for Ax EAM also needs to consider that both engineers and equipment may be sued is production or on projects. Thus engineering and maintenance scheduling also has to consider in house planned and breakdown maintenance and servicing and more complex overhauls and asset structures, the impact of equipment downtime on production schedules and much more. We offer a Microsoft certified isv integrated suite of EAM modules built on the Ax 2012/D365 platform that covers both field service and mobile as well as in in house maintenance.

Predictive maintenance and SCADA integration and extensive condition monitoring., embedded and Power BI analytics are no longer rocket science.
At a recent client 4 day workshop we demonstrated HOLO lens assisted reality to support engineers. This can for example be used to provide step by step guidance or for collaboration from the field with an OEM a remote manufacturer, or your chief engineer.

Account maintenance is now mandatory under UAE VAT Law and it facilitates the correct receipt and payment of cash and other transactions entered by a company. Audited accounts will be needed so don’t wait till year end to find an auditor that suits your business.

2- Make changes to the core processes and accounting departments

It is important to change your core processes and adapt your accounting departments to achieve tax compliance. For SMEs, with limited transactions, the task is easier as the transition is less likely to require significant systematic change or they might use an external bookkeeper or tax agent.

3- Train staff, especially financial management

Employees need proper insight around GCC-wide initiatives to implement VAT across the region and how companies should prepare. Help them de-mystify VAT by providing on the job training and a framework to raise and clarify queries. Avoid disputes with trading partners and ensure staff have the relevant information and training to resolve issues that arise.

4- Review your contracts and the contracts and conditions agreed with dealers

Many businesses negotiated contracts at a time VAT was not payable but running across the implementation dates. It is time to now bring contracts into step with the UAE’s economic context.

- Consider accounting software for bookkeeping

Electronic reporting systems are increasingly being used by tax authorities. The ability to produce the required audit file details on demand will be difficult without a system. Companies that use electronic invoicing are likely to improve the timing of VAT recovery on costs.

6- Adhere to VAT deadlines

Register your company to avoid a fine as severe as AED 20,000. The Federal Tax Authority (FTA) has already been extend the deadline to the 1st January and if you don’t complete VAT registrations you will also have to stop sales till you get your tax registration certificate (TRC).

Note initial returns are due 28 January 2018 so time is running out.

7- Study UAE tax legislation

The implementation of taxes in the UAE came with a whole new set of procedures. we recommend to study and get familiar with the different laws in place including the UAE VAT Law and to discuss with your auditor, tax agent and software provider.

8- Keep an eye out for new information

There have been a slew of clarifications in the last month and some details are still not finalised e.g. with regard to free zones, or which companies will report monthly and which quarterly.

The UAE Federal Tax Authority (FTA) online portal is open 24/7 to allow for taxpayers to register for VAT purposes. The FTA has also determined the deadlines for the application for VAT registration based on business turnover.
For larger companies VAT registration is required by 31 October 2017, and such businesses should
immediately consider the timeline requirement given their turnover profile and the other registration
requirements.
Businesses that are required to register for VAT will need to set up an online account on the FTA website and complete the VAT registration form.

The FTA has announced that a phased registration approach has been introduced. In particular, those businesses that meet these criteria must comply with the relevant application dates for registration:
● Businesses with an annual turnover exceeding AED 150 million must apply for registration by31 October 2017
● Businesses with an annual turnover exceeding AED 10 million must apply for registration by 30 November 2017

● Remaining businesses with an annual turnover exceed the mandatory registration threshold
(expected to be AED 375,000) must apply for registration by 4 December 2017
Prior to the fulfilment of the VAT registration form, the FTA provides a “Getting Started Guide” that shares essential information that businesses should be aware of. This includes information on the registration criteria, registration of a VAT group, and necessity to register if only zero-rated supplies are made.

Additional details clarifying the VAT registration mechanism are found in the VAT registration guide, a document posted on FTA online portal under the “Advice” tab. This document captures the
calculation of turnover for VAT purposes, a walk-through of VAT registration through the FTA
registration portal, registration of a VAT group and types of books and records required to be held by a
taxpayer to ensure accurate tax compliance.

We strongly advise for businesses to visit the FTA website to initiate their VAT registration application by
their applicable deadline after having considered the guidance provided by the FTA and other advice
as required (for instance VAT Grouping).
Businesses should allow time to compile the required information for the VAT registration.

You never know when some item that queries or alters data in SQL Server will cause issues.

Bruce Schneier recently commented on FaceID and Bluetooth security, the latter of which has a vulnerability issue. I was amazed to see his piece on infrared camera hacking. A POC on using light to jump air gaps is truly frightening. It seems that truly anywhere that we are processing data, we need to be thinking (see https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/)

Airborne attacks, unfortunately, provide a number of opportunities for the attacker. First, spreading through the air renders the attack much more contagious, and allows it to spread with minimum effort. Second, it allows the attack to bypass current security measures and remain undetected, as traditional methods do not protect from airborne threats. Airborne attacks can also allow hackers to penetrate secure internal networks which are “air gapped,” meaning they are disconnected from any other network for protection. This can endanger industrial systems, government agencies, and critical infrastructure. With BlueBorne, attackers can gain full control right from the start. Moreover, Bluetooth offers a wider attacker surface than WiFi, almost entirely unexplored by the research community and hence contains far more vulnerabilities

Finally, unlike traditional malware or attacks, the user does not have to click on a link or download a questionable file. No action by the user is necessary to enable the attack.

Fully patched Windows and iOS systems are protected

– the Equifax breach for example must worry everyone who has ever had credit in the USA. (Hackers broke into Equifax’s computer systems in March, which is two months earlier than the company had previously disclosed, according to a Wall Street Journal report.)

The Securities and Exchange Commission said Wednesday that a cyber breach of a filing system it uses may have provided the basis for some illegal trading in 2016. In a statement posted on the SEC’s website, Chairman Jay Clayton said a review of the agency’s cybersecurity risk profile determined that the previously detected “incident” was caused by “a software vulnerability” in its EDGAR filing system (which processes over 1.7 million electronic filings in any given year.) The agency also discovered instances in which its personnel used private, unsecured email accounts to transmit confidential information.

So let me suggest take a good look at your systems and be honest – do you feel safe?

Microsoft has released Microsoft 365, a complete, intelligent solution, including Office 365, Windows 10, and Enterprise Mobility + Security, that empowers everyone to be creative and work together, securely. Watch Satya introduce it.

What about your websites?
Although acts of vandalism such as defacing corporate websites are still commonplace, hackers prefer to gain access to the sensitive data residing on the database server and then to sell the data.

The costs of not giving due attention to your web security are extensive and apart form direct financial burden and inconvenience also risks:
• Loss of customer confidence, trust and reputation with the consequent harm to brand equity
• Negative impact on revenues and profits arising e.g. from falsified transactions, or from
employee downtime
• Website downtime – is in effect the closure of one of the most important sales and marketing channels
especially for an e-business
• Legal battles and related implications from Web application attacks and poor security
measures including fines and damages to be paid to victims.

Web Security Weaknesses
Hackers will attempt to gain access to your database server through any way they can e.g. out of date protocols on a router. Two main targets are :
• Web and database servers.
• Web applications.

Information about such exploits are readily available on the Internet, and many have been reported on this blog previously.

Web Security Scanning
So no surprise that Web security should contain two important components: web and database server security, and web application security.

It is of paramount importance to scan the security of these web assets on the network for possible vulnerabilities. For example, modern database systems (e.g. Microsoft SQL Server, Oracle and MySQL) may be
accessed through specific ports and so anyone can attempt direct connections to the databases to try and bypass the security mechanisms used by the operating system. These ports remain open to allow communication with legitimate traffic and therefore constitute a major vulnerability.

Other weaknesses relate to the database application itself and the use of weak or default passwords by
administrators. Vendors patch their products regularly, and equally regularly find new ways of
attack.

75% of cyber attacks target weaknesses within web applications rather than directly at the
servers. Hackers launch web application attacks on port 80 . Web applications are more open to uncovered vulnerabilities since these are generally custom-built and therefore pass through a lesser degree of
testing than off-the-shelf software.

Some hackers, for example, maliciously inject code within vulnerable web applications to trick users
and redirect them towards phishing sites. This technique is called Cross-Site Scripting (XSS) and may
be used even though the web and database servers contain no vulnerability themselves.

Hence, any web security audit must answer the questions “which elements of our network
infrastructure are open to hack attacks?”, “which parts of a website are open to hack attacks?”, and “what data can we throw at an application to cause it to perform something it shouldn’t do?”

Ask us about Acunetix and Web Security
Acunetix ensures web site security by automatically checking for SQL Injection, Cross Site Scripting,
and other vulnerabilities. It checks password strength on authentication pages and automatically
audits shopping carts, forms, dynamic content and other web applications. As the scan is being
completed, the software produces detailed reports that pinpoint where vulnerabilities exist

See our previous article on this topic for why your company may be affected if you are a branch of a European company, or have branches in Europe, or trade with a European company.

From May 25, 2018, companies with business operations inside the European Union must follow the General Data Protection Regulations (GDPR) to safeguard how they process personal data “wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.”

The penalties set for breaches of GDPR are up to 4% of a company’s annual global turnover.
For large companies like Microsoft that have operations within the EU, making sure that IT systems do not contravene GDPR is critical. As we saw on August 3, even the largest software operations like Office 365 can have a data breach.
Many applications can store data that might come under the scope of GDPR. the regulation has a considerable influence over how tenants deal with personal data. The definition of personal data is “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
GDPR goes on to define processing of personal data to be “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

That means that individuals have the right to ask companies to tell them what of their personal data a company holds, and to correct errors in their personal data, or to erase that data completely.

Companies therefore need to:
- review and know what personal data they hold,
- make sure that they obtain consents from people to store that data,
– protect the data,
- and notify authorities when data breaches occur.

On first reading, this might sound like what companies do – or at least try to do – today. The difference lies in the strength of the regulation and the weight of the penalties should anything go wrong.

GDPR deserves your attention.

The definitions used by GDPR are broad. To move from the theoretical to the real world an organization first needs to understand what personal data it currently holds for its business operations, and where they use the data within software applications.

Other examples might include contract documentation, project files that includes someone’s personal information, and so on.

What backups do you have of the customer’s data?
What business data do your staff hold on BYOD devices e.g. in What’s App?

Data Governance Helps
Fortunately, the work done inside Office 365 in the areas of data governance and compliance help tenants to satisfy the requirements of GDPR. These features include:
• Classification labels and policies to mark content that holds personal data.
• Auto-label policies to find and classify personal data as defined by GDPR. Retention processing can then remove items stamped with the GDPR label from mailboxes and sites after a defined period, perhaps after going through a manual disposition process.
• Content searches to find personal data marked as coming under the scope of GDPR.
• Alert policies to detect actions that might be violations of the GDPR such as someone downloading multiple documents over a brief period from a SharePoint site that holds confidential documentation.
• Searches of the Office 365 audit log to discover and report potential GDPR issues.
• Azure Information Protection labels to encrypt documents and spreadsheets holding personal data by applying RMS templates so that unauthorized parties cannot read the documents even if they leak outside the organization.

Technology that exists today within Office 365 that can help with GDPR.

Classification Labels
Create a classification label to mark personal data coming under the scope of GDPR and then apply that label to relevant content. When you have Office 365 E5 licenses, create an auto-label policy to stamp the label on content in Exchange, SharePoint, and OneDrive for Business found because documents and messages hold sensitive data types known to Office 365.

GDPR sensitive data types

Select from the set of sensitive data types available in Office 365.
The set is growing steadily as Microsoft adds new definitions.
At the time of writing, 82 types are available, 31 of which are obvious candidates to use in a policy because those are for sensitive data types such as country-specific identity cards or passports.
Figure 1: Selecting personal data types for an auto-label policy (image credit: Tony Redmond)

GDPR Policy

The screenshot in Figure 2 shows a set of sensitive data types selected for the policy. The policy applies a label called “GDPR personal data” to any content found in the selected locations that matches any of the 31 data types.

Auto-apply policies can cover all Exchange mailboxes and SharePoint and OneDrive for Business sites in a tenant – or a selected sub-set of these locations.

Figure 2: The full set of personal data types for a GDPR policy (image credit: Tony Redmond)

Use classification labels to mark GDPR content so that you can search for this content using the ComplianceTag keyword (for instance, ComplianceTag:”GDPR personal data”).

Caveats:
It may take 1-2 week before auto-label policies apply to all locations.
An auto-label policy will not overwrite a label that already exists on an item.

A problem is that classification labels only cover some of Office 365. Some examples of popular applications where you cannot yet use labels are:
• Teams.
• Planner.
• Yammer.

Microsoft plans to expand the Office 365 data governance framework to other locations (applications) over time.Master data management
What about all the applications running on SQL or other databases?
Master Data Management MDM is a feature of SQL since SQL 2012. However, when you have many data sources then you are relay into an ETL process and even with MDM tools the work is still significant.

If you have extensive requirements then ask us about Profisee our specialist, productized MDM solution built on top of SQL MDM that allows you to do much of the work by configuration.

Right of Erasure
Finding GDPR data is only part of the problem. Article 17 of GDPR (the “right of erasure”), says: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.” In other words, someone has the right to demand that an organization should erase any of their personal data that exists within the company’s records.

Content searches can find information about someone using their name, employee number, or other identifiers as search keywords, but erasing the information is something that probably also needs manual processing to ensure that the tenant removes the right data, and only that data.

You can find and remove documents and other items that hold someone’s name or other identifier belonging to them by using tools such as Exchange’s v Search-Mailbox cmdlet, or Office 365 content searches.
What if the the data ahs to be retained because the company needs to keep items for regulatory or legal purposes, can you then go ahead and remove the items?
The purpose of placing content on-hold is to ensure that no-one, including administrators, can remove that information from Exchange or SharePoint.

The GDPR requirement to erase data on request means that administrators might have to release holds placed on Exchange, SharePoint, and OneDrive for Business locations to remove the specified data. Once you release a hold, you weaken the argument that held data is immutable. The danger exists that background processes or users can then either remove or edit previously-held data and so undermine a company’s data governance strategy.

The strict reading of GDPR is that organizations must process requests to erase personal data upon request.
What if the company needs to keep some of the data to satisfy regulations governing financial transactions, taxation, employment claims, or other interactions? This is a dilemma for IT. Lawyers will undoubtedly have to interpret requests and understand the consequences before making decisions and it is likely that judges will have to decide some test cases in different jurisdictions before full clarity exists.

Hybrid is even More Difficult

Microsoft is working to help Office 365 tenants with GDPR. However, I don’t see the same effort going to help on-premises customers. Some documentation exists to deal with certain circumstances (like how to remove messages held in Recoverable Items), but it seems that on-premises customers have to figure out a lot things for themselves.

This is understandable. Each on-premises deployment differs slightly and exists inside specific IT environments. Compared to the certainty of Office 365, developing software for on-premises deployment must accommodate the vertical and company specific requirements with integrations and bespoke developments.

On-premises software is more flexible, but it is also more complicated.
Solutions to help on-premises customers deal with GDPR are more of a challenge than Microsoft or other software vendors wants to take on especially given the industry focus of moving everything to the cloud.

Solutions like auto-label policies are unavailable for on-premises servers. Those running on-premises SharePoint and Exchange systems must find their own ways to help the businesses that they serve deal with personal data in a manner that respects GDPR. Easier said than done and needs to start sooner than later.

SharePoint Online GitHub Hub

If you work with SharePoint Online, you might be interested in the SharePoint GDPR Activity Hub. At present, work is only starting, but it is a nway to share information and code with similarly-liked people.

ISV Initiatives

There many ISV-sponsored white papers on GDPR and how their technology can help companies cope with the new regulations. There is no doubt that these white papers are valuable, if only for the introduction and commentary by experts that the papers usually feature. But before you resort to an expensive investment, ask yourself whether the functionality available in Office 365 or SQL is enough.

Technology Only Part of the Solution

GDPR will effect Office 365 because it will make any organization operating in the European Union aware of new responsibilities to protect personal data. Deploy Office 365 features to support users in their work, but do not expect Office 365 to be a silver bullet for GDPR. Technology seldom solves problems on its own. The nature of regulations like GDPR is that training and preparation are as important if not more important than technology to ensure that users recognize and properly deal with personal data in their day-to-day activities.

Any taxable person must retain VAT invoices issued and received for a minimum of 5 years.

ImportsThe place of supply will determine whether a supply is made within the UAE (in which case the UAE VAT law will apply), or outside the UAE for VAT purposes. For a supply of goods, the place of supply should be the location of goods when the supply takes place – with special rules for certain categories of supplies (e.g. water and energy, cross border supplies).

For the supply of services, the place of supply should be where the supplier is established – (with special rules for certain categories of supplies e.g. cross border supplies between businesses).

VAT shall be payable in addition to the custom duties paid by the importer of the goods and cannot be deducted against. VAT shall be computed on the value that includes the customs duties.

Some goods that are imported may be exempt from customs duties but be subject to VAT.

VAT is due on the goods and services purchased from abroad. In case the recipient in the State is a registered person with the Federal Tax Authority for VAT purposes, the VAT would be due on that import using a reverse charge mechanism. In case the recipient in the State is a non-registered person for VAT purposes, VAT would be paid on import of goods from a place outside the GCC. Such VAT will typically be required to be paid before the goods are released to the person.

Exempt and zero rate
- The VAT treatment of real estate will depend on whether it is a commercial or residential property.
Supplies (including sales or leases) of commercial properties will be taxable at the standard VAT rate (i.e 5%).
- Supplies of residential properties will generally be exempt from VAT to ensure that VAT does not constitute an irrecoverable cost to persons who buy their own properties. To ensure that real estate developers can recover VAT on construction of residential properties, the first supply of residential properties within 3 years from their completion will be zero-rated.

There is a difference between exempt goods and zero rate. (for example zero rate might be raised in future).
VAT will be charged at 0% in respect of the following main categories of supplies:
• Exports of goods and services to outside the GCC;
• International transportation, and related supplies;
• Supplies of certain sea, air and land means of transportation (such as aircrafts and ships);
• Certain investment grade precious metals (e.g. gold, silver, of 99% purity);
• Newly constructed residential properties, that are supplied for the first time within 3 years of their construction ;
• Supply of certain education services, and supply of relevant goods and services;
• Supply of certain Healthcare services, and supply of relevant goods and services.

The following categories of supplies will be exempt from VAT:
• The supply of some financial services (clarified in VAT legislation);
• Residential properties;
• Bare land;
• Local passenger transport

Financial Services
It is expected that fee based financial services will be taxed but margin based products are likely to be exempt.
Generally, insurance (vehicle, medical, etc) will be taxable. Life insurance, we understand will be treated as an exempt financial service

The VAT treatment of standard financial services and Islamic finance products, the treatment of Islamic finance products will be aligned with the treatment of similar standard financial services

Businesses that meet requirements the Legislation (such as being resident in the UAE and being related/associated parties) will be able to register as a VAT group. For some businesses, VAT grouping will be a useful tool to simplify accounting for VAT.

Offsetting VAT.
VAT registered businesses will be able to reduce their output tax liability by the amount of VAT that relates to bad debt which has been written off by the VAT registered business. The legislation will include the conditions and limitations concerning the use of this relief.

A scheme will be introduced to allow a UAE national who is not registered for VAT to reclaim VAT paid on goods and services relating to constructing a new residence which will be privately used by the person and his family. This will allow the recovery of VAT on such expenses as contractor’s services and building materials.

To avoid double taxation (where second hand goods are acquired by a registered person from an unregistered person for the purpose of resale), the VAT-registered person will be able to account for VAT on sales of second hand goods with reference to: the difference between the purchase price of the goods, and the selling price of the goods (that is, the profit margin).

The VAT which must be accounted for by the registered person, will be included in the profit margin. The legislation will include the details of the conditions to be met in order to apply this mechanism.

VAT on expenses
A VAT registered person incurs input tax on its business expenses, and this input tax can be recovered in full when it relates to a taxable supply that was made, or intended to be made, by the registered person. In contrast, where the expense relates to a non-taxable supply (e.g. exempt supplies), then the registered person may not recover the input tax paid.

VAT will not be deductible in respect of expenses incurred for making non-taxable supplies. Furthermore, input tax cannot be deducted when it is incurred in respect of specific expenses such as entertainment expenses e.g. for employee entertainment.

VAT on expenses that were incurred by a business can be deducted in the following circumstances:
• The business must be a taxable person (the end consumer cannot claim any input tax refund).
• VAT should have been charged correctly (i.e. unduly charged VAT is not recoverable).
• The business must hold documentation showing the VAT paid (e.g. valid tax invoice).
• The goods or services acquired are used or intended to be used for making taxable supplies.
• VAT input tax refund can be claimed only on the amount paid or intended to be paid before the expiration of 6 months after the agreed date for the payment of the supply.

In certain situations, an expense may relate to both taxable and non-taxable supplies made by the registered person (such as activities of the banking sector). In these circumstances, the registered person would need to apportion input tax between the taxable and non-taxable (exempt) supplies.

Businesses will be expected to use input tax (ratio of recoverable to total) as a basis for apportionment in the first instance – (there will be the facility to use other methods where those are fair and agreed with the Federal Tax Authority).

Compliance and returnsPenalties will be imposed for non-compliance. Examples of actions and omissions that may give raise to penalties include:
• A person failing to register when required to do so;
• A person failing to submit a tax return or make a payment within the required period;
• A person failing to keep the records required under the issued tax legislation;
• Tax evasion offences where a person performs a deliberate act or omission with the intention of violating the provisions of the issued tax legislation.

No special rules are planned for small or medium sized enterprises. The FTA will provide materials and resources available for these entities to assist them in their enquiries.

A supplier registered or required to be registered for VAT must issue a valid VAT invoice for the supply. To be considered as a valid VAT invoice, the document must follow a specific format as mentioned in the legislation. In certain situations the supplier may be able to issue a simplified VAT invoice.

Government entities
Supplies made by government entities will typically be subject to VAT. This will ensure that government entities are not unfairly advantaged as compared to private businesses. Certain supplies made by government entities will, however, be excluded from the scope of VAT if they are not in competition with the private sector or where the entity is the sole provider of such supplies. It is likely certain government entities will be entitled to VAT refunds – this is designed to avoid budgeting issues and provide a level playing field between outsourced and insourced activities. For the supplies provided for government entities, the treatment of such supplies shall depend on the same supply and not on the recipient of the supply. Therefore, if the supply is subject to the standard tax rate, the treatment would remain the same even if it is provided to a government entity.

Transitional rulesSpecial rules will be provided to deal with various situations that may arise in respect of supplies that span the introduction of VAT. For example:
• Where a payment is received in respect of a supply of goods before the introduction of VAT, but the goods are actually delivered after the introduction of VAT. This means that VAT will have to be charged on such supplies. Likewise, special rules will apply with regards to supplies of services spanning the introduction of VAT.
• Where a contract is concluded prior to the introduction of VAT in respect of a supply, which is wholly or partly made after the introduction of VAT, and the contract does not contain clauses relating to the VAT treatment of the supply, then consideration for the supply will be treated as inclusive of VAT.

There will, however, be special provisions to allow suppliers to charge VAT in situations where their recipient is able to recover their VAT but where there is no VAT clause.

Payments and claims
Note that VAT will be payable in full not after netting off input tax which will then have to be claimed. This is more of a challenge for cash flow and business risk, especially given the penalties for late payments.
Refunds will be made after the receipt of the application and will be subject to verification checks, with a particular focus to avoid fraud.

The FTA may provide its views on various matters in the law. Taxpayers may choose to challenge these views. However, penalties may be imposed on taxpayers who are found to violate any tax laws and regulations.

Other Emirates
It is expected that businesses will need to complete additional information on their VAT returns to report revenues earned in each Emirate. Guidance will be provided to businesses with regards to this. It is expected that the rules will be relatively straightforward for most businesses and will be based, for example, for B2C transactions, on the location of the transaction (e.g. in a retail environment, the location of the shop).

The UAE Ministry of Economy is raising awareness among private sector companies of the need to be ready for new European data protection rules, which comes into force one year from now.

The European Union General Data Protection Regulation (GDPR) is set to become law by May 2018. The new rules govern all companies in Europe, as well as all companies trading with European companies and individuals.

The GDPR was drafted to “harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data between Member States

The law includes strong penalties for either misuse of data, or failure to protect the personal data of customers, with fines of up to 4% of annual turnover, or 20m euros ($22m).

HE Juma Mohammed Al Kait, Assistant Undersecretary for Foreign Trade at the Ministry of Economy, noted that the regulation issued by the EU aims to protect the data of every individual in the EU.

This not only impacts companies operating in European countries, but includes all institutions and companies that conduct business, trade and investment activities within EU countries, including the UAE business sector linked with European trade relations.

Due to this, the Ministry is working on deepening its knowledge about the new legislation, its provisions and requirements, and aims to reconcile its operational procedures with European authorities, in adherence with the framework of the GDPR, before May 2018.

Al Kait emphasized the EU is one of the UAE’s most important trade partners. Trade between the two sides generated $65.8 billion in 2016 alone. The UAE has become one of the top 10 destinations for EU exports, and is home to over 41,000 European companies, in addition to over 121,000 EU citizens.

Penalties will also apply to information controllers and processors, including cloud software companies.

The new legislation also outlines terms of approval for the use of data, to prevent companies from using legally illegitimate terms, and gives both parties the ability to easily withdraw if desired.

The compliance world will change dramatically for a number of GCC organizations on 25 May 2018. In just over one year’s time GCC organizations that:
1.have a branch, subsidiary or single representative in the European Union (“EU”);
2.do not have a physical presence in the EU, but offer goods or services to data subjects in the EU; or
3.neither have a physical presence in the EU nor offer goods or services to people in the EU, but monitor the online behavior of data subjects in the EU, will have to ensure that they are complying with the European Union General Data Protection Regulation (“GDPR”).

Who is likely to be affected?

Based on the test set out in the GDPR, the new regulations will likely apply to a significant number of entities in this region.
Obvious examples include:
– major airlines that fly to and from the EU,
- hotel and tourism operators who promote travel to the region to EU data subjects,
- regional banks and other financial service companies that have branches in the financial centres in the EU and online.

Less obvious examples include:
- e-commerce companies that are able to accept payments in euros and deliver to the EU
- mobile apps that can be downloaded by users in the EU and which have access to a user’s contacts, photos or location data.

All of these businesses may need to comply with the GDPR and to mitigate the risk and cost of failure to do so.
If your organization is affected it has three main options:
1. wait and see i.e. do nothing (not advisable);
2.consider what it needs to do to ensure that it does not fall within the scope of the GDPR;
3. take immediate steps to prepare to comply with the GDPR .

For option (2), if your organization does not have an establishment in the EU and does not need to target or monitor EU data subjects then you ight consider making it very clear that your website or app is not for use by EU users (e.g. including geo-blocking EU data subjects).

for option (3), if you have not started the process of ensuring compliance by now, then there is a lot to do.

1.monitor business to consumer business practices, including:
- conducting a data protection audit,
- examining the legal basis on which it processes personal data and updates its privacy policies;
2.monitor internal business practices, including:
- review and update of agreements with data processors,
- implement processes for adoption of pseudoanonymization and privacy by design
- considering the legal basis on which it transfers personal data between jurisdictions;
3.establish compliant accountability processes, including”
- processes for record keeping,
- appointment of a data protection officer or EU representative and dealing with data subjects;
4.invest in infrastructure, including:
- how to determine the severity, and impact on data subjects of a data breach
- to establish robust security processes and procedures for notifying regulatory authorities and data subjects -

The need for compliance, especially for longer-term projects such as records of processing and compliant contracting, must be addressed as soon as is practicable.

Businesses that either operate, target customers or monitor individuals in the EU should :
• Audit: to identify key remediation areas.
• Record of Processing: This mandatory record will require significant internal resources, but will also help to plan and implement GDPR processes. .
• Consider Contract Renegotiations: The GDPR requires that contracts with data controllers include additional obligations. As companies come to renegotiate contracts, ensure that adequate data protection clauses are added.
• Review and update, where necessary, employee notices to be GDPR compliant. If you currently conduct criminal records checks, then review national laws where you operate to ensure you can continue to do so . There is an emphasis on transparency in the GDPR. Notices must be clear, concise and informative. Employees must be adequately informed of all data processing activities and data transfers and the information set out in Articles 13 to 14 must be provided. Criminal records can no longer be processed unless authorized by member state law.

Consider whether your organization is processing any sensitive personal data and ensure the requirements for
processing such data are satisfied While the grounds for processing are broadly the same as those set out
in the current Data Privacy Directive, the GDPR imposes new requirements to gain valid consent. Consent can be withdrawn at any time and systems must be able to handle withdrawal request.

• Review and update, where necessary, customer notices to be GDPR compliant
• Consider whether your notices have to accommodate “child-friendly requirements”. he GDPR requires parental consent for the processing of data related to information society services offered to a “child” (ranging
from 13 to 16 years old depending on the member state.
• Data privacy rights. The current rights to request access to data or require it to be rectified or deleted have been expanded to include a much broader right to require deletion (“the right to be forgotten”), a right not just to access your data but have it provided to you in a machine readable format (“data portability”). Versions of the existing right to object to any processing undertaken on the basis of legitimate interests or for direct marketing and the right not to be subject to decision based on automated processing are also included and expressly refer a right to object to profiling.
These must be clearly communicated in the notices given to data subjects, e.g. privacy policy
• Privacy by design. Ensure processes are in place to embed privacy by design into projects (e.g. technical and organizational measures are in place to ensure data minimization, purpose limitation and security)

Consider what data you hold in emails, in CRM systems, Social media.
What should be your data access use and retention policies?

Personally I think it will be great if this is a way to prosecute the perpetrators of all the spam nd phishing emails I get or at least to remove data form their lists!

VAT (Value Added TAX), which is also called as ‘tax on consumption’ , is a tax that is payable while purchasing any product. VAT is applied as particular percentage of the cost of goods and services, hence it can not be considered as a charge on companies. It is a general tax amount, which is added by the producer to the inputs before they are sold as new offerings.

All UAE businesses subject to the Value-Added Tax have to submit their tax declaration statements on a quarterly basis after the VAT law goes into effect starting January 2018, according the Ministry of Finance.

The threshold for VAT registration put at Dh375,000 as per the ministry’s announcement this week.
It is optional to register between Dh187,500 and Dh375,000 .

UAE businesses will be able to start VAT registration in Q3 2017 and it is compulsory to be registered by Q4 2017.

Businesses will be able to register online using eServices.

The UAE businesses, subject to the tax, have to keep all files that allow competent authorities to audit their transactions and commercial activities, with the nature of the needed documents to be announced over the coming period. Businesses will be required to keep records which will enable the authorities to identify the details of the business activities and to review transactions. The specifics regarding the documents which will be required and the time period for keeping those will be communicated in due course.

Review your finance systems’ readiness for rapid implementation to meet these requirements. There will be a shortage of skilled consultants, and there are several holidays (EID, Diwali, Christmas, New Year, National Day etc. its also budget time, and preparation for year end audits,to fit in during the last quarter. Allow time for collection of your trading partners VAT registration ids, for report development and update, for testing and for staff training.

All six of the GCC member states: Saudi Arabia, Qatar, Oman, Kuwait, the UAE and Bahrain – have now signed and approved the VAT framework.

Registered businesses will be expected to submit VAT returns on a regular basis. It is expected that the default period for filing VAT returns will be three months for the majority of businesses. Registered businesses will be able to file their returns online using eServices.

Exemptions:
We understand that:
Health, education services, international transportation, import gold for investment purposes, commodities and exports are exempted from VAT in UAE.
Residential buildings for sale or lease during the first three years in which the building is completed, some financial services and empty plots of land are also exempted from VAT.

The GCC Member States will appreciate the VAT on financial provisions. The Banks and Financial House are ineligible for VAT in terms of the services provided, instead, they might be eligible for input tax based on tax recovery rates determined by each Member State.

The Federal Tax Authority has also announced a 100 per cent tax on tobacco, energy drinks and 50 per cent on carbonated beverages. This is separate from VAT.

The General Authority for Zakat and Income Tax (GAZT) in KSA reportedly warned businesses, during an awareness session that took place at the Riyadh Chamber of Commerce on Monday 16 May 2017, that penalties will be applicable in the cases of violation of VAT laws and regulations.

Penalties

The following types of Penalties will apply in each of the following cases:
• Case 1: Businesses required to register for VAT and that fail to register shall be liable to double the net tax due.
• Case 2: Committing an error in filling the tax return shall result in paying an additional 50% of net tax declared.

• Case 3: Exaggerated tax refund claims shall be subject to a penalty 50% of the original amount reported.
• Case 4: Late filing of tax return would result in a penalty of SAR 1,000 and an extra 5 to 20% of the unpaid tax. The percentage varies depending on the number of days of delay.
• Case 5: Non-registered person who issue an invoice with VAT shall pay SAR 1,000 or double the amount of the net tax (whichever is higher).
• Case 6: Not keeping records of the required documents shall result on a penalty of SAR 1,000 or 2% of the monthly average taxable supplies (whichever is higher).
• Case 7: Non-compliance with GAZT inquiries in providing relevant information shall result in a penalty of SRA 1,000 or 2% of the average monthly taxable supplies (SAR 20,000 maximum) or whichever is higher.

The GCC’s unified agreement for value added tax (VAT) has recently been published (in Arabic only) by the
Saudi Ministry of Finance on their website.

This unified agreement sets out the framework under which VAT can be implemented in each of the
GCC member states. The framework includes agreement on certain matters but still allows member
states discretion on how to treat others.

Once the agreement is ratified, each member state can issue its own local law and implement VAT.

The UAE intends to implement VAT with effect from 1 January 2018 but other states may take another 6 months or so.

The framework paves the way for implementation, for a basic rate of VAT of five percent with certain supplies of goods and services zero rated or VAT exempt. We understand that the Ministry of Finance (MoF) will release the UAE’s law on VAT towards the end of June. This will detail how the UAE will interpret the GCC framework and how it will deal with those matters where it has discretion. These will include whether to treat certain supplies as zero rated or VAT exempt.

The local law will detail conditions for:
VAT deductions,
VAT grouping
Rules for recovering VAT in respect of financial services
Reporting formats

There is no indication of how VAT will apply to free zones.

The MoF has recently been holding a series of public awareness sessions, outlining how they
propose to apply VAT to those areas where the GCC framework allows discretion. The UAE has also
taken steps to set up its own Federal Tax Authority (FTA), which will be responsible for all VAT
matters in the UAE.

The framework provides information to start planning for VAT.

VAT will impact all businesses in the UAE, either directly or indirectly.

So carefully review your systems and review their processes to understand the impact of VAT and to determine what needs to be done to be fully compliant with the new laws.

Do you need to recruit? Train?

Budget for auditors, or consulting support, or system modifications or upgrades?

What contracts are in place beyond 1 January 2018 -how will those be impacted by VAT?

All businesses will be required to maintain extensive and proper books of account because complete, verifiable
documentation will be essential to support a VAT refund claim and avoid penalties for non-compliance.

Accounting systems should be able to identify and record VAT – payable and receivable, – across the entire supply chain. Ensure that your systems will enable you to:
- hold VAT registration ids by trading partner
- hold VAT codes by item fro the relevant tax rate or exemption.
- identify and record rebates,
- exemptions,
– or other special VAT treatments on particular transactions.
- generate commercial documents like invoices or till receipts with VAT shown
- deal with rebate and returns
- create timely, accurate statutory returns
- work with current interfaces.
- product auditable accounts.

We have already received several dozen inquires to assist with this transition, if you need assistance with your business systems to comply with VAT then please contact us in good time – year end is a holiday season and also a busy time for new system go live, and for financial audit preparation.

Here’s a breakdown of the three new Microsoft tools to help you move to the cloud faster and what they can offer businesses.

1. Free cloud migration assessment

This assessment will help customers to more easily find and to better understand their current server setups, to help them to determine the cost and the value of moving to the cloud. Once the servers are discovered, the tool can analyze their configurations, and give the user a report of the potential cost drop of moving to Azure.

Data center administrators can export the results of the assessment into a customized report. The report could provide some valuable data and statistics for a CIO conversation with the CFO.

2. Azure Hybrid Use Benefit

This tool should save users money on their cloud deployments. Customers can activate the Azure Hybrid Use Benefit in the Azure Management Portal,It is available on Windows Server virtual machines in Azure, to all customers. “Use your on-premises Windows Server licenses that include Software Assurance to save big on Windows Server VMs in Azure. By using your existing licenses, you pay the base compute rate and save up to 40 percent.” the tool’s web page said,

3. Azure Site Recovery

Azure Site Recovery is meant to ease the process of migrating virtual machines to Azure. Applications running on AWS, VMware, Hyper-V, or physical servers can be moved. Additionally, a new feature in Azure Site Recovery will “allow you to tag virtual machines within the Azure portal itself, This capability will make it easier than ever to migrate your Windows Server virtual machines.”

Other features include automated protection and replication of virtual machines, remote monitoring, custom recovery plans, recovery plan testing, and more

- What are the challenges an opportunities for the spa industry in the U.A.E. ?
- Hear from industry professionals.
- Find out how Core from Premier Software and Deyafa Systems can help you increase you inquiry conversion, and customer retention, and drive your SPA REVPATH.

Premier Software gets to the ‘Core’ of your business.
The industry’s leading spa business management software companies has confirmed as a key speaker at an exclusive one day event held at the Microsoft Gulf, Gem Auditorium, Internet city, Dubai.

Premier Software has teamed up with Deyafa Hospitality Solutions to host an exclusive event showcasing its flagship software system – Core by Premier Software (Core).

The event is supported by Microsoft and Synergy Software Systems,.

Developed specifically for the spa, wellness and leisure industry, Core is already the software system of choice for many leading hotels and spas across the world including the Buji Club – Burj Khalifa, InterContinental® Dubai Marina, Nikki Beach Resort & Spa, The Belfry and The Corinthia.

Core brings together over two decades of experience to deliver a business management system that provides a complete overview of your business at the touch of a button. Core is available both as a single site, and a multi-site solution.

Leonie Wileman, Premier’s Chief Operating Officer, will then showcase ‘Core’ and how its capabilities help a spa be more profitable. “The spa and wellness industry is constantly evolving and many of our clients are looking for a robust IT solution that not only integrates with existing PMS, but can also flex to accommodate future growth,” she said. “The event is an ideal opportunity for visitors to explore Core, see how it works and integrates with existing systems and fully understand how it can transform a business. Core helps to maximise profitability, to streamline day-to-day operations and to pinpoint areas for growth. It is easy-to-use for everyone form the Group Financial Director’s through to the therapists and reception staff.”

The event will also showcase the Core solution with a live demonstration.

We will also hear about some implementations of Core, in prominent spas.

There will be opportunity to mix with other regional spa professionals at the event.

Deyafa Systems is a Dubai based speciality provider of globally branded hospitality solutions. Stephen Jones, Director of Deyafa Systems, said. “We are excited about the new release of Core, an integrated, new generation of spa software. It builds in Premier Software’s years of spa management experience and leverages Microsoft’s powerful technology to improve REVPATH, customer conversion and customer retention.“

Premier has been working with Deyafa since 2003 to provide hospitality IT solutions to both independent spas, and wellness centres, and to large international hotel groups. With its single database structure that can be tailored to meet a sap business’s exact requirements,

Core is rapidly proving to be the software system of choice for the industry.

To register:
Call Suresh 00971 4 3365589/ 33744582
or
Email: suresh.savari@synergy-software.com
or
register on line http://deyafasystems.com/PremierSPAevent

By January 1, 2018, it is expected that value added tax (VAT) will be applied at a rate of 5 per cent on most goods and services in the UAE and wider GCC region. The Unified Agreement, previously referred to by the working title of a framework agreement, is an overarching agreement that will be concluded by all six GCC nations. The best acronym, albeit long, is “GCC UAVAT”.

The unity referred to in the GCC UAVAT is a unity of purpose. The GCC UAVAT is intended to make sure that VAT is introduced in the GCC in a coordinated fashion. It does not necessarily mean that each national VAT law will be identical, nor that those national laws will all become effective on exactly the same date.

The rate of VAT has been confirmed at 5 per cent, a figure that was agreed at GCC level in mid-2016.
Minister of State for Financial Affairs Obaid Humaid Al Tayer. Speaking to reporters after a joint press conference with Christine Lagarde, Managing Director of the IMF in Dubai, Al Tayer said 100 food items, health, education, bicycles and social services would be exempt from VAT. Further information was provided by the Bahraini information affairs minister, who held a press conference attended by the under-secretary for finance in Bahrain. The Bahraini minister confirmed that basic food and other consumer commodities, medicines and medical supplies will be exempt from VAT. The list of exemptions signals a clear intention on the part of the GCC authorities to temper the mildly regressive nature of VAT.

VAT is an indirect tax applied at every stage of the supply chain, the end effect of the levy is on consumers who finally pay the tax while buying a good or service. Businesses collect and account for the tax, in a way acting as a tax collector on behalf of the government. A business pays the government the tax that it collects from the customers while it may also receive a refund from the government on tax that it has paid to its suppliers. The net result is that tax receipts to government reflect the ‘value add’ throughout the supply chain. VAT is said to be a “self-policing” tax because of the netting-off of input tax from output tax at each successive stage of the production and distribution cycles. Thus, administration is not confined to the national tax authority. As taxable entities, VAT-registered businesses also have administrative responsibilities. Work must be undertaken in that important regard.

There are four important stakeholders in this VAT episode: – governments (beneficiary), businesses (tax collectors), consumers (taxpayers) and consultants (VAT experts). VAT is a tax on consumption. It is ultimately paid by the consumer, in other words “the public” in some shape or form. The public does, therefore, need to be aware.

The businesses that are required to collect the VAT and deposit it with the government are the most worried . They will have to perform an extra function, which could result in additional hiring and costs, or risk of fines, although they do not receive a direct economic incentive. It is not just a question of simply collecting and remitting, , being in the ‘middle’ may bring several complexities.

if the UK and EU VAT regimes are anything to go by, the complete legislative picture will comprise a number of layers. All businesses in the UAE will need to record their financial transactions and ensure that their financial records are accurate and up to date.
– Businesses that meet the minimum annual turnover requirement (as evidenced by their financial records) will be required to register for VAT.
- Businesses that do not think that they should be VAT registered should maintain their financial records in any event, their turnover may change, and the in case the government tax team may need to establish whether they should be registered.

Registration for VAT is expected to be made available to businesses that meet the requirements criteria, three months before the launch of VAT. Businesses will be able to register online using eServices

Registered businesses will be expected to submit VAT returns on a regular basis. It is expected that the default period for filing VAT returns will be three months for the majority of businesses. Registered businesses will be able to file their returns online using eServices.

Details of the Tax Law will be made to the press and details will be published on the Ministry of Finance website. The primary source of information regarding the UAE VAT Law is the Ministry of Finance website.

There may be some special rules on VAT for organizations such as government entities as well as refunds available in some circumstances, especially where international obligations require us to make those refunds.

Everyone is urged to fully comply with their VAT responsibilities. The government is currently in the process of defining the exact fees and penalties for non-compliance.

VAT-registered businesses generally:
• must charge VAT on taxable goods or services they supply;
• may reclaim any VAT they’ve paid on business-related goods or services;
• keep a range of business records which will allow the government to check that they have got things right

If you’re a VAT-registered business you must report the amount of VAT you’ve charged and the amount of VAT you’ve paid to the government on a regular basis. It will be a formal submission and it is likely that the reporting will be made online.

If you’ve charged more VAT than you’ve paid, you have to pay the difference to the government. If you’ve paid more VAT than you’ve charged, you can reclaim the difference.

VAT differs from sales tax which is only imposed on the final sale to the consumer. This contrasts with VAT which is imposed on goods and services and is charged throughout the supply chain, including on the final sale. VAT is also imposed on imports of goods and services so as to ensure that a level playing field is maintained for domestic providers of those same goods and services.

Not all businesses will need to register for VAT. In simple terms, only businesses that meet a certain minimum annual turnover requirement will have to register for VAT. That is, many small businesses will not need to register for VAT. The specific conditions (such as minimum annual turnover) that will help identify businesses that do not need to register for VAT are not expected to be announced before October.

Four-step guide to help companies in the UAE to prepare for VAT implementation, (which can take between eight and 12 months). It may take longer if some of the activities are outsourced, for example IT.
1. Impact assessment
• Complete an impact assessment to understand VAT and its commercial effects.
• Prioritise issues and prepare for implementation.
• This is a key step.
• The assessment looks at its various effects on the organisational, operational and financial levels.
• Typically, an impact assessment needs between eight and 12 weeks to complete and that leaves a relatively short time, no more than nine months, to affect implementation.

2. Project preparation
• Prepare a project plan and secure the necessary internal and external resources and ensure the stakeholders in the business are informed.
• VAT is not just a finance project. It affects all transactions and so touches every aspect of the organisation.
• VAT affects IT systems, finance, human resources, legal teams and even inter-organisation transactions.
• IT systems are integral to the process because they need to be updated to handle the VAT.
• Preparation will entail a cost that companies will need to budget.

3. Design and implementation
• Based on the impact assessment, they need to develop a road map for identifying the changes required, understanding the scheduling requirements and planning for work.
• Implementing the changes across various levels in the organisation starts with mapping the transaction footprint to understand the VAT obligations of the business. This should form the basis for making changes across different verticals in the organisation such as IT, supply chain and human resources.
• Businesses need to design the systems and reports and train their staff on the process requirements for VAT.
• This may require a new software/ new release, or upgrade, Consider:
 COA changes,
 Contract changes
 Order, receipt and invoice formats
 Cash flow and budget updates
 Impact on open orders on1 Jan 2018
 Whether any interfaces are affected
• Businesses must implement necessary changes to systems, controls, reporting and governance in good time.

4. Registering and testing
• Businesses need to register for VAT .
• They need to test that their business systems are capable of compliance and reporting.
• Businesses need to integrate the changes made into the operations and train relevant staff about their new roles and responsibilities to achieve the desired result.
• Testing the VAT system, processes and controls during a “live” phase (expected from January 1, 2018) is important to allow for the complete and accurate completion of the first VAT return.
• Make sure to test adequate volumes of data – e.g. processing a quarterly Vat return on all sales and purchase transactions may involve a lot of processing for some companies.
• Make sure to test interfaces.

Its about, 360-degree patient interactions and leveraging technology to streamline processes and workflows across an organisation to ensure that each patient is efficiently placed to the appropriate level of care each time, every time.

- Healthcare professionals from every department involved can see a complete picture of the
patient’s needs, interactions, care steps and wellness plans.
- Integrated knowledge base specific to your business and expert areas ensures patient care is
streamlined and questions are quickly answered.
- Multiple channels available, allowing patients a single point of access to information and
resources, enabling them to make appointments, update personal information, and
communicate health professionals throughout their care.
- Enable patients to share their medical records and device readings with authorized health
professionals online.

Secure
- Regulate data access with CRM’s combination of role-based security, record-level security,
and field-level security.
- Comprehensive auditing and control on activities within the solution.
- Control identity management and ease the burden of mundane password management by
setting up various standards-based identity providers if authenticated sign-on security is
required.
- Set up web-based public-facing portals that connect to CRM and run in your data centre or

Windows Azure via CRM’s flexible web portal framework.
- Available on cloud or on premise
- Ability to develop and to test customizations in an isolated, non-production online environment.

This offering is part of a suite of medical solutions from industry specialist Capita, that are widely adopted in the U.K. National Health Service

The “Core” solution for spa has had huge success since it launch last year in the U.K. In the last quarter of 2016 it was introduced to the U,A.E. and early adopters include Nikki Beach Spa and the Burj Club.

The event will end with a live demonstration by Premier Software who have partnered with Deyafa Systems locally to provide Spa solutions to the region since 2003.

If you have not received an invitation and would like to attend then please contact Deyafa Systems as soon as possible to register. Take this opportunity to meet with other Spa professionals and to get update insights to guide your strategy.

We offer a powerful patient relationship management solution, built on Microsoft Dynamics CRM/xRM that utilises accredited clinical content to facilitate best clinical practice, record keeping and auditing. It assists in decision making, for improved efficiency and safe, appropriate outcomes for patients.

- Connect people, information and systems.
- Enable your healthcare institutions to move away from isolated legacy applications and paper-based processes.
- Aid physicians, nurses and administrators to work as a single integrated team to improve clinical decision making and to co-ordinate the delivery of patient care.

Our clinical content suite is a proven set of symptom-based, algorithms developed by clinicians to support healthcare decisions. In the NHS, in the U.K., the NHS Direct software has benefited over 50 million people in England, Wales and Scotland as the largest, telephone-based, triage system in the world.

Accurate and up to date clinical information is the bedrock of safe healthcare applications. Our clinical content is well established and is constantly updated. Our content suite guides the user through questions and rationales to assess the severity of the situation. This ensures both an evidence based outcome, and an efficient and timely referral to appropriate care for the patient.

Use structured clinical assessments both to promote best practice within staff groups, and to provide reassurance to patients, and thereby consistency and quality in assessment and outcomes.

Our customisable interface allows for adaptation of the content to meet local needs, from: Malaria, to Sickle Cell Anaemia, trauma, or snake bites.

Trusted, evidence-based, content minimises clinical risk, The content can be enhanced with user feedback, The content can be used within many applications, such as:teletriagecontact centres,web and mobile applications,face to face assessment self assessment

Our supporting Decision Management System is an authoring and presentation software application that enables you easily: to write, to view and to publish clinical content, business processes and workflows.

Update your content in real time. The open API allows you to publish across multi-channels, multi-devices and to integrate with the HIS software solutions you use.

Multi-Lingual requirement? No problem – DMS can support any language.

Our system guides users through questions, to gather pertinent information, and provides reasoning, to quickly and efficiently reach an ‘outcome’. The system can be paused and resumed, at any time during this process. A user can break from one workflow, to enter another workflow, at any time during the assessment process.

On completion an electronic transcript of the complete transaction is stored for audit purposes.

Synergy is a well established, solution provider across the Middle East region.
Synergy has a strong presence in several key verticals; Manufacturing, Construction, Hospitality Insurance, Financial Services, Government. Media, Oil and Gas, Distribution.
Synergy is particularly well known as a Gold Partner of both Infor Sunsystems, and Microsoft Dynamics Ax and for its implementation expertise and exceptional support. It is based centrally in Dubai in the Karama district since it was registered in 1991, and occupies a 7,000 sq ft office with around 80 full time employees.